Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

59 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 59 Filtered view

Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]

More from Bleeping Computer 15 May 2026, 8:09 a.m. Incident · 4 stories Actively exploited CVE-2026-20182 0-Day Authentication Bypass CVE Cisco Compromise Critical Flaw Warning

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

More from Bleeping Computer 27 Mar 2026, 8:17 a.m. Actively exploited CVE-2026-33017 Artificial Intelligence CISA CVE Critical Flaw Framework Vulnerability Warning

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. [...]

More from Bleeping Computer 26 Feb 2026, 7:01 a.m. Actively exploited CVE-2026-20127 0-Day Authentication Bypass CVE Cisco Compromise Critical Vulnerability Warning

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads

More from The Hacker News 28 Jan 2026, 10:46 p.m. Actively exploited CVE-2025-8088 CVE China Critical Flaw Google Government Initial Access Nation State Patch Russia Threat Actor Vulnerability Warning
Bank Info Security 5 months, 2 weeks ago

Nation-State and Cybercrime Exploits Tied to React2Shell

2 More Vulnerabilities Need Patching in React Server Components, Warns VercelMass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

More from Bank Info Security 16 Dec 2025, 6:30 a.m. Actively exploited CVE-2025-55182 CVE China Cryptocurrency DoS Exploit Iran Malware Nation State North Korea Vulnerability Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation

More from The Hacker News 11 Dec 2025, 12:54 a.m. Actively exploited CVE-2025-6218 America CISA CVE Flaw Vulnerability Warning

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. [...]

More from Bleeping Computer 22 Nov 2025, 12:50 p.m. Actively exploited CVE-2025-61757 0-Day America CISA CVE Flaw Government Oracle Patch Remote Code Execution Warning

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362

More from The Hacker News 7 Nov 2025, 3:58 a.m. Actively exploited CVE-2025-20333 CVE-2025-20362 CVE Cisco Disclosure DoS Firewalls Warning

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM)

More from The Hacker News 19 Sep 2025, 4:10 p.m. Actively exploited CVE-2025-4427 CVE-2025-4428 America CISA CVE Compromise Flaw Malware Mobile Threat Actor Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

More from The Hacker News 12 Sep 2025, 11:03 p.m. Actively exploited CVE-2025-5086 America CISA CVE Critical Flaw Vulnerability Warning